Add renovate and ntfy (unrelated)

2026-04-18 16:10:42 +10:00
parent b27f3e58ca
commit dbe11dc8fa
6 changed files with 215 additions and 2 deletions
--- a/2-nomad-config/renovate.nomad.hcl
+++ b/2-nomad-config/renovate.nomad.hcl
@@ -0,0 +1,64 @@
+job "renovate" {
+  type = "batch"
+
+  periodic {
+    cron             = "0 4 * * *" # Daily at 4am
+    prohibit_overlap = true
+  }
+
+  group "renovate" {
+    network {
+      mode = "bridge"
+    }
+
+    # Consul Connect sidecar with upstream to Gitea (service: code-connect, port 3000)
+    service {
+      name = "renovate"
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "code-connect"
+              local_bind_port  = 3000
+            }
+          }
+        }
+      }
+    }
+
+    task "renovate" {
+      driver = "docker"
+
+      config {
+        image = "renovate/renovate:latest"
+      }
+
+      env = {
+        RENOVATE_PLATFORM     = "gitea"
+        RENOVATE_ENDPOINT     = "http://localhost:3000"
+        RENOVATE_GIT_URL      = "endpoint"
+        RENOVATE_REPOSITORIES = "othrayte/infra"
+        RENOVATE_GIT_AUTHOR   = "Renovate Bot <renovate@othrayte.one>"
+        LOG_LEVEL             = "debug"
+      }
+
+      # Required SOPS key:
+      #   renovate.gitea_token  — PAT for the renovate bot account in Gitea
+      #   Create a dedicated 'renovate' user in Gitea with these token scopes:
+      #     repo (read+write), user (read), issue (read+write), organization (read)
+      template {
+        data        = <<EOF
+RENOVATE_TOKEN={{ with nomadVar "nomad/jobs/renovate" }}{{ .gitea_token }}{{ end }}
+EOF
+        destination = "secrets/renovate.env"
+        env         = true
+      }
+
+      resources {
+        cpu        = 500
+        memory     = 512
+        memory_max = 1024
+      }
+    }
+  }
+}